Fake antivirus updates used to deploy malware in Ukraine

Mar, 14, 2023 Hi-network.com

Ukraine's Computer Emergency Response Team (CERT-UA) warned that threat actors are using fake Windows antivirus updates to install Cobalt Strike and other malware in Ukraine. The phishing emails, which impersonate Ukrainian government agencies, propose a way to increase network security and advise recipients to download a file named BitdefenderWindowsUpdatePackage.exe, falsely dubbed a 'critical security update'.

When executed, the malware downloads and installs a Cobalt Strike beacon. The malware also downloads a Go downloader (dropper.exe), which then decodes and executes a secondary file (java-sdk.exe). This secondary file modifies the registry of the infected system to establish persistence and downloads two additional payloads, the GraphSteel backdoor (microsoft-cortana.exe) and the GrimPlant backdoor (oracle-java.exe).

CERT-UA, with medium confidence, associates the malicious activity with the UAC-0056 group, also known as 'Lorec53', a sophisticated Russian-speaking threat group.
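
A hunting check for the execution chain described above, as an added example that is not part of the original article or of CERT-UA's advisory: it walks process lineage in process-creation events and grades matches on the file names the article reports. The event schema (host, pid, ppid, image), the sample paths and the assumption that each stage runs as a child of the previous one are illustrative.

```python
import json

# File names as reported in the article, in the order the stages run.
STAGES = {
    "bitdefenderwindowsupdatepackage.exe": "fake antivirus update",
    "dropper.exe": "Go downloader",
    "java-sdk.exe": "secondary file (sets persistence)",
    "microsoft-cortana.exe": "GraphSteel backdoor",
    "oracle-java.exe": "GrimPlant backdoor",
}

# Constructed sample events; schema and paths are hypothetical, not real telemetry.
SAMPLE = r"""
{"host":"ws01","pid":100,"ppid":1,"image":"C:\\Windows\\explorer.exe"}
{"host":"ws01","pid":200,"ppid":100,"image":"C:\\Users\\a\\Downloads\\BitdefenderWindowsUpdatePackage.exe"}
{"host":"ws01","pid":300,"ppid":200,"image":"C:\\Users\\a\\Downloads\\dropper.exe"}
{"host":"ws01","pid":400,"ppid":300,"image":"C:\\Users\\a\\Downloads\\java-sdk.exe"}
{"host":"ws01","pid":500,"ppid":400,"image":"C:\\Users\\a\\Downloads\\microsoft-cortana.exe"}
{"host":"ws01","pid":510,"ppid":400,"image":"C:\\Users\\a\\Downloads\\oracle-java.exe"}
{"host":"ws02","pid":220,"ppid":100,"image":"D:\\tools\\java-sdk.exe"}
"""

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
def load(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_chains(events):
    """For each process named like a known stage, list the known stages in its lineage."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in STAGES:
            continue
        chain, cur, seen = [], e, set()
        while cur and (cur["host"], cur["pid"]) not in seen:  # guard against cycles
            seen.add((cur["host"], cur["pid"]))
            name = basename(cur["image"])
            if name in STAGES:
                chain.append(name)
            cur = by_pid.get((cur["host"], cur["ppid"]))  # None when parent was not logged
        # A lone name match is weak evidence; several stages in one lineage is strong.
        sev = "high" if len(chain) > 1 else "review"
        alerts.append({"host": e["host"], "pid": e["pid"], "chain": chain[::-1], "severity": sev})
    return alerts

if __name__ == "__main__":
    for a in find_chains(load(SAMPLE)):
        print(a["severity"], a["host"], a["pid"], " -> ".join(a["chain"]))
```

File names alone are easy to change, so a result graded "review" needs corroboration such as hashes or network indicators from the advisory itself.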
